Government Surveillance: What Notice Do Web Hosts Owe Their Customers?

As consumers increasingly utilize the Internet in many aspects of their daily lives, the challenge becomes enjoying the conveniences of online activities without sacrificing privacy. The mechanisms for protecting privacy continue to evolve as the focus of online activity transitions from laptops and desktop computers to smartphones and other portable devices. With enhanced surveillance from government agencies, do web hosts owe their customers notice that their websites and data has been read by other sources?

How Does The Government Access Personal Information?

The government may want private data for regulation implementation reasons or external intelligence inquiries. In fact, they can obtain your electronic records and communications through wiretapping, warrant, or subpoena. Some protection exists against access to email and additional online activities. The government does understand, acknowledge, and appreciate that some Internet activities justify safeguards. The challenge becomes deciding which Internet activities these protections affect.
Consider that current government surveillance can generate the following data from your web host:

  • Email header message in addition to the subject line

  • IP address

  • IP address of computers communicated with

  • A list of all sites visited

This capability leads to the emergence of two key policy questions stemming from the technical realities of the Internet today.

  1. Do we all have a reasonable expectation of privacy when we use the Internet?
  1. When a user encrypts Internet communications, does that entitle them to extended privacy? As a consequence, is the Internet less secure because of the possible need for the government to decrypt it?

What Are Acceptable Surveillance Measures?

The solution to these questions and also an indicator as to if the government is acting appropriately leads to one main issue. How do we know when web discussions are related to espionage, terrorism or criminal activity? The premise is that if they are, then the government should recognize them, be entitled to observe them, and provide a reasonable measure of security.

RELATED:   Malware Attacks on the Rise

It seems plausible to conclude that Internet privacy should not extend to offenders. Additionally, the government should observe their communications whether or not encryption is present or perhaps especially if it does. Web hosts should focus on the threshold of how the determination is made to watch particular Internet communications or a specific level of communications. More importantly, an understanding should exist on who monitors and manages this determination.
Several distinct organizations establish appropriate criteria for surveillance in diverse ways. One perspective holds that before implementing monitoring, evaluation of the means, context, and intended uses are critical.

What Are The Means Used To Gather Data?

Extensive unprocessed volumes of data retrieved from Internet traffic are collected and stored daily in data warehouses. Software is used to inspect social media posts, online purchases, files sent by email, and all web sites visited. Analysts have to defend why they suspect someone is communicating outside of the U.S. when requesting additional information. This raises questions, including:

  • Does the manner cause unfair or unjust psychological or psychological harm?

  • Does it overlook a personal boundary without approval, such as providing intimidating, false, or misleading information?

  • Does the method violate conjectures concerning how data will be handled, including the absence of secret recordings?

  • Does the technique generate invalid conclusions?

RELATED:   Using Captcha Scripts to Prevent Spam

What Does Data Collection Reveal?

Due to the extreme amount of data collected, storing the full contents of intercepted web traffic cannot usually exceed more than 30 days. However, the law permits the storage of some metadata for five years. Additionally, investigators can move specific documents to permanent databases when it becomes connected with and relevant to an ongoing and open-ended investigation. The law authorizes the targeting of certain individuals, allowing monitoring of all standards of communication, including Internet use, without their knowledge or consent. However, if the government wants private emails or social media posts, for example, it must request this data from the web hosts. All of this leads to more critical matters for web hosting consideration.

  • Should individuals provide consent web hosts for the data collection?

  • Are there systems for disputing the results, or for including optional data or explanations into the document?

  • Is the data sufficiently protected?

  • Is targeting broadly applied to all?

What Uses Are Authorized For The Data That Is Collected?

While the government is only allowed to intercept communications if at least one part of the conversation is outside of the United States, it does not have to distinguish this fact upfront. What this means is that is can collect bulk data and sort it all out at a later date. If the secured information belongs to an American, the investigator must destroy that information. However, this determination cannot always be made by a machine. It typically occurs after a human investigator analyzes it. The safeguards are in place to protect data obtained from U.S. citizens who are not relevant to an ongoing investigation, unless evidence of a crime exists in the information. This brings up the issues of using the collection of mass surveillance data.

  • Does the authorization of the method to gather information serve the objectives of the target of surveillance and not the particular aims of the government?

  • Does an appropriate balance exist between the essential nature of the intent and the price of the means?

  • Are the intentions of the data gathering legitimate? For instance, is there a distinct connection between the data obtained and the goal sought?

  • Can the gathered information cause unfair harm or damage to its subject? If so, how will an individual be protected?

RELATED:   LeaseWeb Makes a Tremendous Investment

What Are The Best Methods For Web Hosts To Acknowledge Government Surveillance?

The government must apply certain safeguards and address with web hosts the practices and regulations governing surveillance of individuals and access to otherwise private information. The majority of hosts and users acknowledge that the government must preserve their security, assurance, and protection. For that reason, the current laws and applications are in of immediate improvement.
The established standards of free speech and privacy require alignment with the aims of assuring that intelligence efforts and government law enforcement are understandable and very clearly defined. Even though ethical surveillance is likely, there must exist feasible and publicly accessible documents and culpability for those recommending, supporting, and performing the surveillance.
Top image ©GL Stock Images